"This is very embarrassing." So began a post by the developers of UnrealIRCd server after finding that their software was
infected with a Trojan. Another example of why enterprises should consider the safe haven of Linux? Just the opposite:
The Trojan infected only the Linux version of the server software, while its Windows counterpart was clean.

Although Linux malware is relatively rare compared to attacks on Windows, it exists, and it's steadily increasing. In fact,
as far back as 2005, the amount of known Linux malware had already doubled over the course of a year to 863 programs. As
Linux's popularity grows among consumers and enterprises, so does its attractiveness to hackers.

In the process, the strategy of security by obscurity becomes less viable. So far, Linux servers appear to be targeted more
frequently than Linux PCs partly because there's a larger installed base. The risks aren't limited to servers and desktops,
either. One recent example is Backdoor.Linux.Foncy.a, which attacks smartphones running the Linux-based Android operating
system. Kaspersky Lab calls Backdoor.Linux.Foncy.a "the most striking example of a malicious program used by cybercriminals
to remotely control an infected device by sending a variety of commands."

In a sense, Linux malware today is like mobile malware circa 2002: Many businesses, consumers and analysts scoffed at
warnings simply because attacks were so few and far between. But as the attacks mount, so does the need for a strategy that's
more robust than simply betting that the odds are in your favor.

Developing a Security Strategy

The good news is that many successful strategies from the Windows world are applicable to Linux.

1. Think twice about downloading free software and content

That holds even when the download, its source or both appear innocuous. Ignoring that advice has facilitated hacks such
as screensavers that use Ubuntu PCs for distributed denial-of-service attacks. Backdoor.Linux.Foncy.a passed itself off
as the "Madden NFL 12" game.

2. Run a Windows antivirus program

Because Linux PCs are still a minority, there's a good chance that a file is headed for a Windows machine. Windows antivirus
software minimizes the chances that the Linux PC or server will facilitate malware's spread.

3. Borrow from Ronald Reagan: Trust, but verify

For example, many Linux users trust Ubuntu's Personal Package Archives. The potential catch is that although there's
a code of conduct, there's no guarantee that a secretly malicious signatory won't leverage that trust. Verification
could include using only entities that have proven themselves to be trustworthy, or inspecting the files in a package
for anything suspicious before installation.
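One way to do the pre-installation inspection suggested above for a Debian/Ubuntu `.deb` file such as one served from a PPA (an added example, not from the original article): it lists the maintainer scripts that will run as root, plus setuid/setgid files and files dropped into common persistence paths, without unpacking or executing anything. The function names, the path list and the sample package are assumptions constructed for illustration.

```python
import io, stat, tarfile

SCRIPTS = {"preinst", "postinst", "prerm", "postrm", "config"}  # run as root at install/removal
# Assumed, non-exhaustive prefixes where a file gains boot, scheduled or login execution.
PERSISTENCE = ("etc/cron", "etc/sudoers", "etc/init.d/", "etc/profile.d/", "lib/systemd/")

def ar_members(blob):
    """Yield (name, data) for each member of the ar archive that wraps a .deb."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        name, size = blob[pos:pos + 16].decode().rstrip(" /"), int(blob[pos + 48:pos + 58])
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # member data is padded to an even length

def inspect_deb(blob):
    """Return (kind, path) findings to review before installing; nothing is unpacked or run."""
    findings = []
    for name, data in ar_members(blob):
        if not name.startswith(("control.tar", "data.tar")):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for m in tar:
                path = m.name[2:] if m.name.startswith("./") else m.name
                if name.startswith("control.tar"):
                    if path in SCRIPTS:
                        findings.append(("maintainer-script", path))
                elif m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                    findings.append(("setuid-or-setgid", path))
                elif path.startswith(PERSISTENCE):
                    findings.append(("persistence-path", path))
    return findings

def sample_deb():
    """Constructed demo package: a postinst, a setuid binary and a cron drop-in."""
    def tgz(entries):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tar:
            for name, mode in entries:
                info = tarfile.TarInfo(name)
                info.mode = mode
                tar.addfile(info)
        return buf.getvalue()
    parts = [("debian-binary", b"2.0\n"),
             ("control.tar.gz", tgz([("./control", 0o644), ("./postinst", 0o755)])),
             ("data.tar.gz", tgz([("./usr/bin/demo", 0o4755), ("./etc/cron.d/demo", 0o644)]))]
    return b"!<arch>\n" + b"".join(
        f"{n:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(d):<10}`\n".encode() + d + b"\n" * (len(d) & 1)
        for n, d in parts)
```

Run `inspect_deb(open(path, "rb").read())` on a downloaded package and read every reported script before installing. Python's `tarfile` reads gzip, bzip2 and xz members; a package whose members are zstd-compressed needs a Python build whose `tarfile` supports zstd.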

There's a good reason why they're worth paying attention to: They wouldn't have those lines of business if there weren't
enough threats already out there.

5. Don't let managers and other supervisors blindly sign off on the wireless portion of expense reports

This advice is as low-tech as it gets, but it's also highly effective -- not just for Android malware, but for types that
target all other mobile OSs, too. Although a lot of malware is designed to harvest credit card numbers and other personal information,
Backdoor.Linux.Foncy.a is an example of the types that send messages to premium-rate text message and other data services.
By simply questioning why an expense report has an unusually high wireless bill that month, you could catch an infected
smartphone before it has several months or more to incur unnecessary charges. In the case of Backdoor.Linux.Foncy.a, only
about 2,000 Android phones were infected, but that was enough for the hackers -- later arrested -- to run up an estimated
100,000 Euros in unauthorized charges.